Java Zero-Day Exploits: Why I am STILL Not Worried.

Last Saturday, I was surprised to see a news story that Homeland Security is recommending that all desktop users disable Java. We just went through this last August with Oracle and Java! I even checked the article dates to make sure they weren’t posted in error.

Sure enough, zero-day exploit vulnerabilities have been identified in compromised Java web sites. Oracle has rushed out a patch to deal with these problems, one of which is a bug that some analysts feel should have been fixed when the August exploits were revealed.

As the great Yogi Berra would say, “It’s Déjà vu all over again!”

These vulnerabilities are as serious as they can get. They can be used to trick your browser and operating system into downloading malicious software from a compromised web site and escalating the malware’s system rights. If it can do that, the hackers can do anything they want to harm or control your compute.

There are reports that criminal toolkits, available on the internet, have been updated to exploit these Java zero-day vulnerabilities. Sadly, there is a big market for these toolkits.

Perhaps you enjoy having a zombie computer that sends out junk email, commits click fraud or is part of denial of service attacks. Maybe you aren’t worried about someone stealing your personal information for financial fraud. And your hard drive might not be important enough to you that you care if somebody messes.

As for me, I opt out!

In response to the August Java zero-day exploits, I published an article titled, “Java Zero-day Exploits: Why I am Not Worried”. My reason then for being unconcerned is the same reason today I am STILL not worried.

My computers are protected by our Comodo Internet Security 2013 antivirus. Other Antivirus systems compare programs to a file of known viruses and malware, which requires constant updates to the file. There are thousands of new viruses introduced every day!

Comodo uses a “default deny” system that will run any program that it is not sure of in an isolated system area called a sandbox. The chances of any malware ever impacting your system are dramatically reduced, even when they haven’t been identified yet by the Internet security community.

How dramatic? Enough that Comodo provides a $500 guarantee that your computer will not be harmed from malware when protected with its antivirus.

So, no worries.

Not only that, Comodo Internet Security 2013 has new protections. If I want to make absolutely sure a Java application is safe, I can run it in our new Virtual Kiosk. The Kiosk is a virtual windows desktop complete with icons for running your favorite programs, as shown below:

Like our Auto Sandbox Technology, a malicious application running in the Virtual Kiosk can’t harm the rest of the computer. You can even use a virtual keyboard that protects you from spyware that record your keystrokes, as shown in the example .

You can also choose to run a program in the sandbox. For example, if you need to use a Java enabled web site and are concerned by the recent warnings, simply run the browser in the sandbox. The browser window will have a green shade around it to let you know that you are protected.

Comodo is great for the user who wants to “set it and forget it”, but for those want to go under the covers and manage at a lower level they provide tools like the Killswitch window, shown in the example below:

In this example, the programs shaded in gray are running “virtualized” in the sandboxed. The Killswitch includes a rating to help you know if a program can be trusted, and options to halt and delete a program if it can’t.

Comodo has a proactive approach to fighting malware. The sandbox and Virtual Kiosk protect you against any untrusted program, not just known threats like the new Java exploits. We provide solutions that will protect against malware not yet invented and exploits not yet found.

Be part of an IT community with thousands of subscribers. Get the latest news, blogs, and thought leadership articles. Subscribe now

Comments

It’s scary reading these articles, almost daily now! There seems to be a rise in “waterholing” attacks where sites are compromised and exploits, usually java based crime-ware kits, are inserted and used to target specific visitors… My website was hacked a few weeks ago and took a lot of time to fix 🙁

Unfortunately, Java is being used by companies like Apple to not support certain programs like Adobe. I think this security threat may be short lived, but we will see future doors opened up to hackers/viruses through such programs. In this day and age, nothing is 100% secure.